If you are using a supported browser then this generation method appears secure (well it as secure as your browser's implementation of the Web Cryptography API). Window.msCrypto is Microsoft's implementation of this. Uses for this API range from user or service authentication, document or code signing, and the confidentiality and integrity of communications. Additionally, it describes an API for applications to generate and/or manage the keying material necessary to perform these operations. specification describes a JavaScript API for performing basic cryptographic operations in web applications, such as hashing, signature generation and verification, and encryption and decryption. Window.crpto is part of the Web Cryptography API: If(typeof(navigator) != 'undefined' & navigator.appName = "Netscape" & navigator.appVersion > 8 Initialize the pool with junk if needed. Mix in the current time (w/milliseconds) into the pool If(rng_pptr >= rng_psize) rng_pptr -= rng_psize If appears to seed the RNG with window.crypto, which if not available window.msCrypto is used and finally falls back onto current time.
0 Comments
Leave a Reply. |